Well, you knew it was coming . . . Healthcare.gov Website Hacked.

quote:

---

WSJ

Hacker Breached HealthCare.gov Insurance Site
By Danny Yadron
Sept. 4, 2014 7:36 p.m. ET

A hacker broke into part of the HealthCare.gov insurance enrollment website in July and uploaded malicious software, according to federal officials.

The server was connected to more sensitive parts of the website that had better security protections, the officials said. That means it would have been possible, if difficult, for the intruder to move through the network and try to view more protected information, an official at the Department of Health and Human Services said.

"Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted," HHS said in a written statement. "We have taken measures to further strengthen security."

The attack comes as the federal government and insurance companies prepare for the second year of open enrollment to buy health insurance under the law, beginning on Nov. 15. Federal officials said that the incident shouldn't have an effect on the process, and that the intruder has since been blocked.

The breach could add fresh ammunition to fall election campaigns by Republican lawmakers, who oppose the law and have criticized its rollout. HealthCare.gov suffered from crippling technology problems when it launched in October, though the government has since improved the site. Some 5.4 million applicants signed up for health plans via the site by the end of open enrollment.
========

The White House and congressional staff have been briefed on the matter, officials said. The Department of Homeland Security, Federal Bureau of Investigation and National Security Agency have aided the investigation, which is active. The FBI traced the attack to several Internet addresses—some overseas—but doesn't think it is the work of a state-backed actor, officials said.

"There is no indication that any data was compromised at this time," DHS spokesman S.Y. Lee said in a written statement. "DHS will continue to monitor the situation and help develop and implement precautionary mitigation strategies as necessary."
========

"It is full of data that criminals covet," said Rep. Joe Barton (R., Texas), who opposes the health-care law. "Handing private information over to the government is bad enough. People should at least know it won't fall into the hands of hackers."

Sen. Tom Carper (D., Del.), chairman of the Senate homeland security panel, called the incident "deeply troubling."

HHS said it has taken cybersecurity seriously since launching HealthCare.gov. The site undergoes quarterly security audits from Blue Canopy Group LLC, a private security company in Reston, Va. It also undergoes daily security scans and drill-hacking exercises.

It couldn't be learned whether the misconfigured server could be linked to any of the several technology contractors who help set up the website.

LINK

---